package com.b511.swpu.cementbackend.config;

import com.b511.swpu.cementbackend.config.sercurity.TokenAuthenticationFilter;
import com.b511.swpu.cementbackend.config.sercurity.TokenAuthenticationProvider;
import com.b511.swpu.cementbackend.repository.SysUserRepository;
import com.b511.swpu.cementbackend.service.SysUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
public class TokenSecurityConfig extends WebSecurityConfigurerAdapter {

    //概念
    //SecurityContextHolder 存放认证信息上下文
    //Authentication 认证信息
    //AuthenticationManager 身份认证器 ProviderManager有多个Provider认证

    //认证流程
    // 1.过滤器获取请求信息
    // 2.将信息封装成Authentication
    // 3.AuthenticationManager校验Authentication
    // 4.返回一个充满信息的Authentication
    // 5.将充满信息的Authentication放入上下文

    private final SysUserService sysUserService;

    public TokenSecurityConfig(SysUserService sysUserService) {
        this.sysUserService = sysUserService;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
         auth.authenticationProvider(new TokenAuthenticationProvider(sysUserService));
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().configurationSource(corsConfigurationSource());
        http.csrf().disable()
                .addFilterBefore(new TokenAuthenticationFilter(), BasicAuthenticationFilter.class)
                .authorizeRequests()
                .antMatchers("/public/**").permitAll()
                .antMatchers("/dev/**").permitAll()
                .antMatchers("/dataReceive/**").permitAll()
                // 6.1 dataQuery不需要权限即可访问
                .antMatchers("/dataQuery/preview/**").permitAll()
                //客户端sql语句不需要权限
                .antMatchers("/dataQuery/execUpdate").permitAll()
                .antMatchers("/dataQuery/execQuery").permitAll()
                .anyRequest().authenticated();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        // 文件下载接口 /dataQuery/** 暂时不进行权限验证
        web.ignoring().antMatchers("/swagger-resources/**", "/webjars/**", "/v2/**", "/swagger-ui.html/**","/dataQuery/preview/**","/dataQuery/execQuery","/dataQuery/execUpdate");
    }

    private CorsConfigurationSource corsConfigurationSource() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.addAllowedOrigin("*");
        corsConfiguration.addAllowedHeader("*");
        corsConfiguration.addAllowedMethod("*");
        source.registerCorsConfiguration("/**", corsConfiguration);
        return source;
    }
}
